Many circuits are currently unexportable due to the limited set of gates we support. We need to implement them.

Removing DefineGadget will be high on our priority list after this reorg is done.

Originally posted by @kustosz in reilabs/gnark-lean-demo#1 (comment)

Describe the Bug

The call to Concretizer.Call generates an infinite loop.

To Reproduce

Steps to reproduce the behavior:

type Multiplier struct {
    In_A frontend.Variable `gnark:",public"`
    In_B frontend.Variable `gnark:",public"`
}

func (gadget Multiplier) DefineGadget(api abstractor.API) []frontend.Variable {
    product := api.Mul(gadget.In_A, gadget.In_B)
    return []frontend.Variable{product}
}

type PowerGadget struct {
    Base     frontend.Variable `gnark:",public"`
    Exponent int
}

func (gadget PowerGadget) DefineGadget(api abstractor.API) []frontend.Variable {
    // Not checking that exponent >= 2
    carryover := api.Call(Multiplier{gadget.Base, gadget.Base})[0]
    for i := 2; i < gadget.Exponent; i++ {
        carryover = api.Call(Multiplier{carryover, gadget.Base})[0]
    }
    return []frontend.Variable{carryover}
}

// CubicCircuit defines a simple circuit
// x**3 + x + 5 == y
type CubicCircuit struct {
    X frontend.Variable `gnark:"x"`
    Y frontend.Variable `gnark:",public"`
}

func (circuit CubicCircuit) Define(api frontend.API) error {
    x3 := abstractor.CallGadget(api, PowerGadget{circuit.X, 3})[0]
    api.AssertIsEqual(circuit.Y, api.Add(x3, circuit.X, 5))
    return nil
}

func main() {
    var circuit CubicCircuit
    frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)
}

Expected Behaviour

No Stack Overflow with nested Gadgets

In ExportPrelude function, the value of Order exported to Lean must match the order of the circuit curve

Describe the Bug

Calling extractor.CircuitToLean before frontend.NewWitness using the same object, triggers a pointer error

panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x30 pc=0xbf5337]

To Reproduce

Steps to reproduce the behavior:

// CubicCircuit defines a simple circuit
// x**3 + x + 5 == y
type CubicCircuit struct {
    // struct tags on a variable is optional
    // default uses variable name and secret visibility.
    X frontend.Variable `gnark:"x"`
    Y frontend.Variable `gnark:",public"`
}

// Define declares the circuit constraints
// x**3 + x + 5 == y
func (circuit *CubicCircuit) AbsDefine(api abstractor.API) error {
    x3 := api.Mul(circuit.X, circuit.X, circuit.X)
    sum := api.Add(x3, circuit.X, 5)
    api.AssertIsEqual(circuit.Y, sum)
    return nil
}

func (circuit CubicCircuit) Define(api frontend.API) error {
    return abstractor.Concretize(api, &circuit)
}

func main() {
    // compiles our circuit into a R1CS
    var circuit CubicCircuit
    ccs, _ := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)


    // groth16 zkSNARK: Setup
    pk, vk, _ := groth16.Setup(ccs)

    // witness definition
    assignment := CubicCircuit{X: 3, Y: 35}
    out, _ := extractor.CircuitToLean(&assignment, ecc.BN254)
    fmt.Println(out)
    witness, _ := frontend.NewWitness(&assignment, ecc.BN254.ScalarField())
    publicWitness, _ := witness.Public()

    // groth16: Prove & Verify
    proof, _ := groth16.Prove(ccs, pk, witness)
    groth16.Verify(proof, vk, publicWitness)
}

Expected Behaviour

Be able to call frontend.NewWitness

There are still a bunch of gates that throw unimplemented errors. They need to be implemented and represented in the abstract circuit rep.

The Gadget API is currently quite clunky, requiring the users to properly wrap/unwrap arrays. We could, instead, use Go's generics to make it smarter in the input/output specs, resulting in a much better, slice-free experience. This task includes designing and API and implementing it. One avenue to explore is to reuse as much of existing gnark infra as possible.

We need to come up and implement an embedding of ToBinary and FromBinary into Lean. The definition should be as close to the arithmetic one as possible. We'll also need existence and uniqueness theorems. Uniqueness theorems become tricky for edge cases (i.e. values close to modulus). This ticket assumes we come up with a usable representation for these.

This should be the actual circuit name, not the word Circuit. Same as we do with gadgets.

Originally posted by @kustosz in #12 (comment)

Replicate the semaphore protocol v3.0 https://github.com/semaphore-protocol/semaphore/tree/main/packages/circuits using gnark-extractor.
Poseidon hash can be simplified for the time being

The supporting code (gate definitions etc) currently only exist as a snippet to be appended to generated code. They should be a lake-published library that can be imported easily.

Private fields in golang structs can't be set, therefore CircuitToLean will fail to initialise and export the circuit.
Add a check to warn the user if the circuit struct contains unsettable fields

Description

What is this about?
Override the namespace of the generated Lean code.

Spec

In the exported Lean file, the circuit is enclosed in the namespce with the name of the circuit struct. It would be nice to be able to override the circuit name.

Exporting a lean circuit currently requires a bunch of manual steps that are not at all tied together. This should change and we should export a Circuit -> String function.